Fine Grain Auditing

A customer wants us to use Fine Grain Auditing (FGA) to track some changes being made on his schema. The requirements are even more vague than the usual customer requests – he doesn’t know which operations on which tables he wants to track, but he knows that it must be Fine Grain Auditing. Some day I’ll find a way to prevent Oracle marketing from talking to our customers.

The one thing the customer requires is that FGA should have no performance impact on our system. My job is to set up tests and benchmarks so we will have more concrete information on when we can expect FGA to have no impact, and when we will feel a performance degredation.

Allow me to recommend “Fine-Grained Auditing for Real-World Problems” by Arup Nanda as a terrific place to begin learning about FGA. The examples are crystal clear, he covers the important features, tables and methods. If you read carefully you’ll also learn non trivial facts about FGA – such as the importance of collecting statistics on the tables you audit. After reading Nanda’s article, you can refer to the “Oracle® Database PL/SQL Packages and Types Reference” as the definitive usage instructions.

If you want to read a bit about the possible performance impact of FGA, you’ll probably find that there is absolutely no material about this anywhere. Which is rather frusturating, really. I’m sure Oracle tested FGA and has some numbers about the possible performance impact, at least in some cases. Why don’t they release this information?

Advertisements

3 Comments on “Fine Grain Auditing”

  1. David says:

    Yeah, I am *exactly* in the same case… looking for any documentation about FGA/performance stuff but couldn’t find anything so far… did you find anything? Thanks!

  2. prodlife says:

    Hi David,

    There is no official documentation about FGA. Do your own tests (pay attention to CPU, disk space, redo logs, IO), convince yourself and management that your tests are valid, and decide whether the cost (in IO, diskspace, CPU, etc) is worth it.

    I noticed that when there is no good reason to have FGA than performance is an issue. When auditing is really needed, performance is not such a big problem…

  3. I Know, it’s an old thread, but i came here by Google and too many people should come here too.
    There’s some cheap documentation and Performance Guidelines on Oracle.com, that can help in something.
    http://www.oracle.com/technetwork/database/audit-vault/learnmore/twp-security-auditperformance-166655.pdf

    Sorry for my english, i’m still learning it.
    I hope i can help somebody with this.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s